This article continues on series of articles about the Kamailio 3.1.x SIP proxy server deployed on the debian lenny and its features. In previous articles we have focused on:
Initial state and observed problems
We had observed a problem, where a SIP phone is registering, but the AOR record indicates, that as a Contact IP address the incorrect and strange private IP address is used. As is shown on following listing:
voip*CLI> pjsip show aor 1765
Aor: <Aor..............................................> <MaxContact>Contact:
Aor: 1765 1 Contact: 1765/sip:email@example.com:65476 f123d14d1c NonQual nanParameterName : ParameterValue ================================================= authenticate_qualify : false contact : sip:firstname.lastname@example.org:65476 default_expiration : 7200 mailboxes : max_contacts : 1 maximum_expiration : 7200 minimum_expiration : 60 outbound_proxy : qualify_frequency : 0 qualify_timeout : 3.000000 remove_existing : true support_path : false voicemail_extension :
This cause a problem, where incoming phone calls (call on 1765 number) are not reaching the SIP phone. We had tried to solve the situations on the phone only modifying its NAT configuration and using STUN, but with no success. Then we setup the lab with two Cisco NAT to simulate the topo. It works perfectly. This indicate on a problem with the Fortigate firewall. Several posts indicates that it could be the SIP ALG problem, which is on Fortigate devices turned on by default and it modifies SIP messages.
If you use the article, please cite me:SIP over NAT [SIP cez NAT] / Pavel Segeč. In: Journal of Information, Control and Management Systems. - ISSN 1336-1716. - Vol. 7, No. 1 (2009), p. 89-95.